Get Gentoo!

Last updated: 2026-04-26 13:16:13 +0200

unclassified (123)


??: 123
Average staleness: 348 / Average age: 446

BugSeveritySummaryStatusStaleAge
864013

??

app-i18n/yaskkserv2: 'cargo audit' reports one or more bundled CRATES as vulnerable

13591359
864028

??

app-shells/mcfly: 'cargo audit' reports one or more bundled CRATES as vulnerable

13591359
864031

??

app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable

13591359
864067

??

dev-util/rustup: 'cargo audit' reports one or more bundled CRATES as vulnerable

13591359
864076

??

dev-util/wachy: 'cargo audit' reports one or more bundled CRATES as vulnerable

13591359
864082

??

dev-vcs/mercurial: 'cargo audit' reports one or more bundled CRATES as vulnerable

13591359
864046

??

dev-python/adblock: 'cargo audit' reports one or more bundled CRATES as vulnerable

13581359
675904

??

dev-db/{mariadb,mysql,percona-server,mysql-connector-c}: ENABLED_LOCAL_INFILE in the client is exploitable by the server

13542653
864052

??

dev-util/bingrep: 'cargo audit' reports one or more bundled CRATES as vulnerable

13071359
880669

??

[Tracker] Go x/text DoS via crafted Accept-Language header

CVE-2022-32149

linux kernel: multiple vulnerabilities in Xen
sys-apps/portage uses /var/tmp insecurely
[Tracker] UAF in Expat's xmlparse.c:doContent
[Tracker] Vulnerabilty in app-arch/qpress
[Tracker] Prometheus basic authentication bypass via exporter-toolkit
[Tracker] Denial of service in Go's net/http
[Tracker] Denial of service in Go's crypto/ssh
[Tracker] nuget credential leakage
Use-after-free in Zen 2 processors ("zenbleed")
[Tracker] MySQL DoS (Oracle CPU Oct 2023)
RUSTSEC-2023-0075: unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms
GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS
[Tracker] runc container breakout vulnerability
[Tracker] CUPS vulnerabilities on 2024-09-26
[Tracker] Vulnerability in 7zip's zstandard (zstd) implementation
dev-libs/xmlrpc-c[-libxml2] uses vulnerable bundle of dev-libs/expat from many years ago
media-libs/giflib buffer overflow
media-libs/giflib path traversal vulnerability in gifinto utility
sys-kernel/gentoo-kernel, sys-kernel/gentoo-kernel-bin, sys-kernel/gentoo-sources: CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root
dev-db/lmdb, dev-python/lmdb: multiple vulnerabilities?
opam < 2.5.1 has security advisor OSEC-2026-03
www-client/chromium, www-client/google-chrome, www-client/microsoft-edge, www-client/opera, www-client/opera-gx, www-client/vivaldi, www-client/vivaldi-snapshot: multiple vulnerabilities

12631263

unknown (240)


Major: 71 / Normal: 124 / Minor: 18 / Trivial: 12 / ??: 15
Average staleness: 162 / Average age: 628

BugSeveritySummaryStatusStaleAge
934736

Major

<app-editors/emacs-{26.3-r19,27.2-r17,28.2-r13,29.3-r3} <app-emacs/org-mode-9.7.5: org-mode command execution vulnerability

CVE-2024-39331

514673
957155

Major

<mail-client/roundcube-1.6.11 : Post-Auth RCE via PHP Object Deserialization

46325
908905

Major

<dev-perl/HTTP-Daemon-6.160.0: Incorrect handling of multiple Content-Length headers

CVE-2022-31081

191040
931653

Major

<www-client/chromium-124.0.6367.201, <www-client/google-chrome-124.0.6367.201, <www-client/microsoft-edge-124.0.2478.97: Use after free in Visuals

CVE-2024-4671

<www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities
<www-client/chromium-144.0.7559.96, <www-client/google-chrome-144.0.7559.96, <www-client/microsoft-edge-144.0.3719.92, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Race in V8

19716
931897

Major

<www-client/chromium-124.0.6367.207, <www-client/google-chrome-124.0.6367.207, <www-client/microsoft-edge-124.0.2478.105, <www-client/opera-110.0.5130.66: Out of bounds write in V8

CVE-2024-4761

<www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities
<www-client/chromium-144.0.7559.96, <www-client/google-chrome-144.0.7559.96, <www-client/microsoft-edge-144.0.3719.92, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Race in V8

19712
932394

Major

<www-client/chromium-125.0.6422.76, <www-client/google-chrome-125.0.6422.76, <www-client/microsoft-edge-125.0.2535.67, <www-client/opera-111.0.5168.25: multiple vulnerabilities

CVE-2024-5157 CVE-2024-5158 CVE-2024-5159 CVE-2024-5160

<www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities
<www-client/chromium-144.0.7559.96, <www-client/google-chrome-144.0.7559.96, <www-client/microsoft-edge-144.0.3719.92, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Race in V8

19704
932675

Major

<www-client/-chromium-125.0.6422.112, <www-client/google-chrome-125.0.6422.112, <www-client/microsoft-edge-125.0.2535.67, <www-client/opera-111.0.5168.25: Type Confusion in V8

CVE-2024-5274

19701
934192

Major

<www-client/chromium-126.0.6478.57 <www-client/google-chrome-126.0.6478.55 <www-client/microsoft-edge-126.0.2592.56, <www-client/opera-112.0.5197.25: multiple vulnerabilities

CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833 CVE-2024-5834 CVE-2024-5835 CVE-2024-5836 CVE-2024-5837 CVE-2024-5838 CVE-2024-5839 CVE-2024-5840 CVE-2024-5841 CVE-2024-5842 CVE-2024-5843 CVE-2024-5844 CVE-2024-5845 CVE-2024-5846 CVE-2024-5847

<www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities
<www-client/chromium-144.0.7559.96, <www-client/google-chrome-144.0.7559.96, <www-client/microsoft-edge-144.0.3719.92, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Race in V8

19682
934536

Major

<www-client/chromium-126.0.6478.114, <www-client/google-chrome-126.0.6478.114, <www-client/microsoft-edge-126.0.2592.68, <www-client/opera-112.0.5197.25: multiple vulnerabilities

CVE-2024-6100 CVE-2024-6101 CVE-2024-6102 CVE-2024-6103

<www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities
<www-client/chromium-144.0.7559.96, <www-client/google-chrome-144.0.7559.96, <www-client/microsoft-edge-144.0.3719.92, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Race in V8

19676
934959

Major

<www-client/chromium-126.0.6478.126, <www-client/google-chrome-126.0.6478.126, <www-client/microsoft-edge-126.0.2592.8, <www-client/opera-112.0.5197.25: multiple vulnerabilities

CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293

<www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities
<www-client/chromium-144.0.7559.96, <www-client/google-chrome-144.0.7559.96, <www-client/microsoft-edge-144.0.3719.92, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Race in V8

19669

tracker (27)


Normal: 1 / ??: 26
Average staleness: 469 / Average age: 1014

BugSeveritySummaryStatusStaleAge
915553

Normal

[Tracker] HTTP/2 Rapid Reset vulnerability

CVE-2023-44487

Tracked bugs: 7 open / 14 total

254929
824306

??

[Tracker] Vulnerability in gstreamer (CVE-2021-3522)

CVE-2021-3522

Tracked bugs: 1 open / 2 total

16201620
807352

??

[Tracker] NO STARTTLS collection of vulnerabilities

Tracked bugs: 2 open / 18 total

13401720
924455

??

[Tracker] "KeyTrap" DNS DoS vulnerability

CVE-2023-50387 CVE-2023-50868

Tracked bugs: 3 open / 5 total

796802
643228

??

[TRACKER] kernel: Meltdown and Spectre - A flaw in modern processors (CVE-2017-{5715,5753,5754})

Tracked bugs: 1 open / 7 total

7843035
643342

??

[TRACKER] hw: cpu: speculative execution branch target injection (CVE-2017-5715)

CVE-2017-5715

Tracked bugs: 1 open / 11 total

7843034
920280

??

[Tracker] Terrapin Vulnerability

CVE-2023-48795

Tracked bugs: 4 open / 10 total

736860
932373

??

[Tracker] Mozilla Foundation Security Advisory for May 14/15th, 2024

CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4770 CVE-2024-4777 MSFA2024-21 MSFA2024-22 MSFA2024-23

Tracked bugs: 263 open / 10000 total

705705
942468

??

[Tracker] Mozilla Foundation Security Advisory for October 29, 2024

CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467 CVE-2024-10468 MFSA2024-55 MFSA2024-56 MFSA2024-57 MFSA2024-58 MFSA2024-59

Tracked bugs: 1 open / 3 total

544544
942555

??

[TRACKER] Vulnerable containers/storage library leads to symlink traversal that can result in denial of service via OOM

CVE-2024-9676

Tracked bugs: 4 open / 4 total

543543

upstream (97)


Major: 9 / Normal: 25 / Minor: 46 / Trivial: 13 / ??: 4
Average staleness: 1013 / Average age: 1521

BugSeveritySummaryStatusStaleAge
626822

Major

media-libs/libmad: Dos (memory corruption) via crafted MP3 files

CVE-2017-11552

18233190
907924

Major

dev-python/reportlab: remote code execution

CVE-2023-33733

10551055
866386

Major

app-arch/unzip: null pointer dereference

CVE-2021-4217

9311341
901393

Major

app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection

CVE-2023-28339

4741138
970044

Major

<www-client/chromium-145.0.7632.75, <www-client/google-chrome-145.0.7632.75, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-127.0.5778.64, <www-client/vivaldi-7.8.3925.73: Use after free in CSS

CVE-2026-2441

<www-client/chromium-145.0.7632.67, <www-client/google-chrome-145.0.7632.67, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.73: multiple vulnerabilities
<www-client/chromium-145.0.7632.109, <www-client/google-chrome-145.0.7632.109, <www-client/microsoft-edge-145.0.3800.70, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.73: multiple vulnerabilities
<www-client/chromium-145.0.7632.116, <www-client/google-chrome-145.0.7632.116, <www-client/microsoft-edge-145.0.3800.82, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.74: multiple vulnerabilities
<www-client/chromium-145.0.7632.159, <www-client/google-chrome-145.0.7632.159, <www-client/microsoft-edge-145.0.3800.97, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.76: multiple vulnerabilities

4472
970045

Major

<www-client/chromium-145.0.7632.67, <www-client/google-chrome-145.0.7632.67, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.73: multiple vulnerabilities

CVE-2026-2313 CVE-2026-2314 CVE-2026-2315 CVE-2026-2316 CVE-2026-2317 CVE-2026-2318 CVE-2026-2319 CVE-2026-2320 CVE-2026-2321 CVE-2026-2322 CVE-2026-2323

<www-client/chromium-145.0.7632.75, <www-client/google-chrome-145.0.7632.75, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-127.0.5778.64, <www-client/vivaldi-7.8.3925.73: Use after free in CSS

2272
970311

Major

<www-client/chromium-145.0.7632.109, <www-client/google-chrome-145.0.7632.109, <www-client/microsoft-edge-145.0.3800.70, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.73: multiple vulnerabilities

CVE-2026-2648 CVE-2026-2649 CVE-2026-2650

<www-client/chromium-145.0.7632.75, <www-client/google-chrome-145.0.7632.75, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-127.0.5778.64, <www-client/vivaldi-7.8.3925.73: Use after free in CSS

2266
970511

Major

<www-client/chromium-145.0.7632.116, <www-client/google-chrome-145.0.7632.116, <www-client/microsoft-edge-145.0.3800.82, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.74: multiple vulnerabilities

CVE-2026-3061 CVE-2026-3062 CVE-2026-3063

<www-client/chromium-145.0.7632.75, <www-client/google-chrome-145.0.7632.75, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-127.0.5778.64, <www-client/vivaldi-7.8.3925.73: Use after free in CSS

2262
970908

Major

<www-client/chromium-145.0.7632.159, <www-client/google-chrome-145.0.7632.159, <www-client/microsoft-edge-145.0.3800.97, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.76: multiple vulnerabilities

CVE-2026-3536 CVE-2026-3537 CVE-2026-3538 CVE-2026-3539 CVE-2026-3540 CVE-2026-3541 CVE-2026-3542 CVE-2026-3543 CVE-2026-3544 CVE-2026-3545

<www-client/chromium-145.0.7632.75, <www-client/google-chrome-145.0.7632.75, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-127.0.5778.64, <www-client/vivaldi-7.8.3925.73: Use after free in CSS

2253
721672

Normal

dev-python/pip: Possible code execution via untrusted packages from external indexes (CVE-2018-20225)

CVE-2018-20225

21792179

upstreamebuild (36)


Normal: 12 / Minor: 14 / Trivial: 7 / ??: 3
Average staleness: 562 / Average age: 1055

BugSeveritySummaryStatusStaleAge
798480

Normal

app-text/djvu: multiple vulnerabilities (CVE-2021-{3500,32490,32491,32492,32493})

CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVE-2021-3500

15771766
759544

Normal

www-misc/awstats: Arbitrary code execution (CVE-2020-35176)

CVE-2020-35176

13491961
821346

Normal

dev-db/redis: integer overflow via bundled hiredis

12821636
836920

Normal

sys-apps/busybox: multiple vulnerabilities

CVE-2022-28391 CVE-2022-30065

9891481
793953

Normal

net-dns/avahi: multiple DoS vulnerabilities

CVE-2021-3468 CVE-2021-3502 CVE-2021-36217 CVE-2023-1981 CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473

9031789
897952

Normal

app-text/htmltidy: arbitrary code execution

CVE-2021-33391

6671155
838382

Normal

media-sound/sox: multiple vulnerabilities

CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-3643 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 CVE-2023-26590 CVE-2023-32627 CVE-2023-34318 CVE-2023-34432

741472
971093

Normal

sys-libs/glibc: nscd client crash on x86_64 under high nscd load

CVE-2026-3904 GLIBC-SA-2026-0004

4646
971145

Normal

dev-libs/openssl: TLS 1.3 server may choose unexpected key agreement group

CVE-2026-2673

4444
972527

Normal

sys-libs/musl: Multiple vulnerabilities

CVE-2026-40200 CVE-2026-6042

1515

ebuild (45)


Critical: 2 / Major: 3 / Normal: 15 / Minor: 13 / Trivial: 7 / ??: 5
Average staleness: 681 / Average age: 849

BugSeveritySummaryStatusStaleAge
918679

Critical

dev-libs/stb: multiple vulnerabilities

CVE-2023-43281 CVE-2023-43898 CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-45676 CVE-2023-45677 CVE-2023-45678 CVE-2023-45679 CVE-2023-45680 CVE-2023-45681 CVE-2023-45682

749880
937483

Critical

net-wireless/wpa_supplicant: possible privilege escalation

CVE-2024-5290

365627
942684

Major

sys-cluster/slurm: Incorrect Authorization

CVE-2024-48936

399541
953891

Major

www-client/firefox{-bin,}: multiple vulnerabilities

CVE-2025-3608

375376
953892

Major

mail-client/thunderbird{-bin,}: multiple vulnerabilities

CVE-2025-2830 CVE-2025-3523

373376
802513

Normal

net-analyzer/fail2ban: code exection via malicious whois responses (CVE-2021-32749)

CVE-2021-32749

13551745
821220

Normal

<sys-devel/gcc-12.1.0: Unicode "bidirectional override" (CVE-2021-42574)

13511637
868150

Normal

<dev-lang/python-{3.8.13_p8, 3.9.13_p6, 3.10.6_p4, 3.11.0_rc1_p2}, dev-python/pypy{,3}: Denial of service via abuse of bignum int type

CVE-2020-10735

12921331
917613

Normal

net-libs/pjproject: UAF in SRTP media transport

CVE-2023-38703

888888
918556

Normal

media-gfx/dpic: multiple vulnerabilities

CVE-2021-32420 CVE-2021-32421 CVE-2021-32422 CVE-2021-33388 CVE-2021-33390

883883

stable? (31)


Major: 5 / Normal: 8 / Minor: 15 / Trivial: 1 / ??: 2
Average staleness: 25 / Average age: 94

BugSeveritySummaryStatusStaleAge
971068

Major

<www-client/firefox{-bin,}-148.0.2: multiple vulnerabilities

CVE-2026-3846 CVE-2026-3847 MFSA2026-19

3547
965825

Major

<app-containers/containerd-{2.0.7, 2.1.5}: multiple vulnerabilities

CVE-2024-25621 CVE-2025-64329 GHSA-m6hq-p25p-ffr2 GHSA-pwhc-rpq9-4c8w

34169
970830

Major

<net-libs/libsoup-3.6.6: multiple vulnerabilities

CVE-2026-1467 CVE-2026-1801 CVE-2026-2369

3455
972440

Major

<sys-libs/libcap-2.78: TOCTOU vulnerability

CVE-2026-4878

1517
966005

Normal

net-print/cups-filters, <net-print/libcupsfilters-2.1.1-r1: multiple vulnerabilities

BIGSLEEP-434612419 BIGSLEEP-434614928 BIGSLEEP-434615384 BIGSLEEP-434616143 CGHSA-893j-2wr2-wrh9 CVE-2025-57812 CVE-2025-64503 GHSA-fmvr-45mx-43c6 GHSA-jpxg-qc2c-hgv4 GHSA-rc6w-jmvv-v7gx

62165
965332

Normal

<app-containers/docker-compose-2.40.3: Path Traversal via OCI Artifact Layer Annotations

CVE-2025-62725 GHSA-gv8h-7v7w-r22q

35178
968772

Normal

<dev-lang/spidermonkey-140.7.0: multiple vulnerabilities

35102
971843

Normal

<app-arch/xz-utils-5.8.3: Multiple vulnerabilities

CVE-2026-34743

2526
971935

Normal

<sys-apps/util-linux-2.41.4: Multiple vulnerabilities

CVE-2026-27456

2424
970481

Minor

<net-print/cups-filters-2.0.1-r1: Infinite loop caused by crafted file

CVE-2025-64524

6263

stable (31)


Major: 5 / Normal: 9 / Minor: 13 / ??: 4
Average staleness: 44 / Average age: 185

BugSeveritySummaryStatusStaleAge
967884

Major

<app-crypt/gnupg-{2.4.9, 2.5.14}, <app-crypt/freepg-2.5.16: Memory corruption in armor parser

81124
970987

Major

<media-libs/gst-plugins-good-1.24.13-r1: multiple vulnerabilities

CVE-2026-3083 CVE-2026-3085 GStreamer-SA-2026-0002 GStreamer-SA-2026-0008 ZDI-26-166 ZDI-26-167 ZDI-CAN-28850 ZDI-CAN-28851

2049
970989

Major

<media-libs/gst-plugins-ugly-1.24.13-r1: multiple vulnerabilities

CVE-2026-2920 CVE-2026-2922 GStreamer-SA-2026-0005 GStreamer-SA-2026-0006 ZDI-26-164 ZDI-26-165 ZDI-CAN-28843 ZDI-CAN-28845

1649
970993

Major

<media-libs/gst-plugins-bad-1.24.13-r1: multiple vulnerabilities

CVE-2026-2923 CVE-2026-3081 CVE-2026-3082 CVE-2026-3084 CVE-2026-3086 GStreamer-SA-2026-0001 GStreamer-SA-2026-0003 GStreamer-SA-2026-0007 GStreamer-SA-2026-0009 GStreamer-SA-2026-0010 GStreamer-SA-2026-0011 GStreamer-SA-2026-0012 ZDI-26-161 ZDI-26-162 ZDI-26-163 ZDI-26-169 ZDI-26-170 ZDI-CAN-28838 ZDI-CAN-28839 ZDI-CAN-28840 ZDI-CAN-28910 ZDI-CAN-28911

1649
971090

Major

<net-misc/curl-8.19.0: multiple vulnerabilities

CVE-2026-1965 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805

1546
965041

Normal

<net-dns/bind-{9.18.42,9.20.16}: multiple vulnerabilities

CVE-2025-40778 CVE-2025-40780 CVE-2025-8677

<net-dns/bind-{9.18.39, 9.20.21}: Malformed BRID/HHIT records can cause named to terminate unexpectedly
<net-dns/bind-{9.18.47, 9.20.21}: multiple vulnerabilities

152185
965476

Normal

<dev-db/redis-8.2.3:0/8.2: Bug in XACKDEL may lead to stack overflow and potential RCE

CVE-2025-62507

103175
967237

Normal

<dev-libs/glib-2.84.4-r1: Multiple vulnerabilities

CVE-2025-13601 CVE-2025-14087

98139
967859

Normal

<dev-lang/php-{8.2.30,8.3.29,8.4.16,8.5.1}: multiple vulnerabilities

CVE-2025-14177 CVE-2025-14178 CVE-2025-14180

69125
971014

Normal

<app-antivirus/clamav-{1.4.4,1.5.2}: 1.x: Denial of Service

CVE-2026-20031

4848

cleanup (60)


Critical: 1 / Major: 17 / Normal: 14 / Minor: 23 / Trivial: 4 / ??: 1
Average staleness: 154 / Average age: 485

BugSeveritySummaryStatusStaleAge
953023

Critical

<dev-lang/spidermonkey-128.9.0: multiple vulnerabilities

<dev-lang/spidermonkey-128.4.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.5.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.6.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.8.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.13.0: multiple vulnerabilities

219390
942471

Major

<dev-lang/spidermonkey-128.4.0: multiple vulnerabilities

<dev-lang/spidermonkey-128.5.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.6.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.8.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.9.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.13.0: multiple vulnerabilities

347544
950112

Major

<media-libs/openh264-2.6.0: Decoding functions heap overflow

CVE-2025-27091 GHSA-m99q-5j7x-7m9x

224428
951155

Major

<www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities

CVE-2025-1920 CVE-2025-2135 CVE-2025-2136 CVE-2025-2137

<www-client/chromium-139.0.7258.127, <www-client/google-chrome-139.0.7258.127, <www-client/microsoft-edge-139.0.3405.102, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: multiple vulnerabilities
<www-client/chromium-139.0.7258.138, <www-client/google-chrome-139.0.7258.138, <www-client/microsoft-edge-138.0.3351.144, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: Out of bounds write in V8
<www-client/chromium-139.0.7258.154, <www-client/google-chrome-139.0.7258.154, <www-client/microsoft-edge-139.0.3405.125, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: use after free in ANGLE
<www-client/chromium-140.0.7339.185, <www-client/google-chrome-140.0.7339.185, <www-client/microsoft-edge-140.0.3485.81, <www-client/opera-122.0.5643.51, <www-client/vivaldi-7.6.3797.52: multiple vulnerabilities
<www-client/chromium-141.0.7390.54, <www-client/google-chrome-141.0.7390.54, <www-client/microsoft-edge-141.0.3537.57, <www-client/opera-125.0.5729.12, <www-client/vivaldi-7.7.3851.52: multiple vulnerabilities
<www-client/chromium-141.0.7390.107, <www-client/google-chrome-141.0.7390.107, <www-client/microsoft-edge-141.0.3537.85, <www-client/opera-125.0.5729.12, <www-client/vivaldi-7.7.3851.52: Use after free in Safe Browsing
<www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API
<www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, www-client/opera, www-client/opera-gx, www-client/vivaldi, www-client/vivaldi-snapshot: multiple vulnerabilities

218411
951739

Major

<net-libs/webkit-gtk-2.48.3: multiple vulnerabilities

CVE-2024-44192 CVE-2024-54467 CVE-2024-54551 CVE-2025-24201 CVE-2025-24208 CVE-2025-24209 CVE-2025-24213 CVE-2025-24216 CVE-2025-24264 CVE-2025-30427 WSA-2025-0002 WSA-2025-0003

<net-libs/webkit-gtk-2.46.5{,-r410,-r600}: multiple vulnerabilities
<net-libs/webkit-gtk-2.50.1: multiple vulnerabilities
<net-libs/webkit-gtk-2.50.4: multiple vulnerabilities

152400
961477

Major

<www-client/chromium-139.0.7258.127, <www-client/google-chrome-139.0.7258.127, <www-client/microsoft-edge-139.0.3405.102, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: multiple vulnerabilities

CVE-2025-8879 CVE-2025-8880 CVE-2025-8881 CVE-2025-8882 CVE-2025-8901

<www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities
<www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API
<www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, www-client/opera, www-client/opera-gx, www-client/vivaldi, www-client/vivaldi-snapshot: multiple vulnerabilities

51255
961834

Major

<www-client/chromium-139.0.7258.138, <www-client/google-chrome-139.0.7258.138, <www-client/microsoft-edge-138.0.3351.144, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: Out of bounds write in V8

CVE-2025-9132

<www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities
<www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API
<www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, www-client/opera, www-client/opera-gx, www-client/vivaldi, www-client/vivaldi-snapshot: multiple vulnerabilities

51248
962051

Major

<www-client/chromium-139.0.7258.154, <www-client/google-chrome-139.0.7258.154, <www-client/microsoft-edge-139.0.3405.125, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: use after free in ANGLE

CVE-2025-9478

<www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities
<www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API
<www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, www-client/opera, www-client/opera-gx, www-client/vivaldi, www-client/vivaldi-snapshot: multiple vulnerabilities

51241
963024

Major

<www-client/chromium-140.0.7339.185, <www-client/google-chrome-140.0.7339.185, <www-client/microsoft-edge-140.0.3485.81, <www-client/opera-122.0.5643.51, <www-client/vivaldi-7.6.3797.52: multiple vulnerabilities

CVE-2025-10500 CVE-2025-10501 CVE-2025-10502 CVE-2025-10585

<www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities
<www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API
<www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, www-client/opera, www-client/opera-gx, www-client/vivaldi, www-client/vivaldi-snapshot: multiple vulnerabilities

51220
963638

Major

<www-client/chromium-141.0.7390.54, <www-client/google-chrome-141.0.7390.54, <www-client/microsoft-edge-141.0.3537.57, <www-client/opera-125.0.5729.12, <www-client/vivaldi-7.7.3851.52: multiple vulnerabilities

CVE-2025-11205 CVE-2025-11206 CVE-2025-11207 CVE-2025-11208 CVE-2025-11209 CVE-2025-11210 CVE-2025-11211 CVE-2025-11212 CVE-2025-11213 CVE-2025-11215 CVE-2025-11216 CVE-2025-11219

<www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities
<www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API
<www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, www-client/opera, www-client/opera-gx, www-client/vivaldi, www-client/vivaldi-snapshot: multiple vulnerabilities

51207

glsa? (543)


Minor: 538 / ??: 5
Average staleness: 578 / Average age: 980

BugSeveritySummaryStatusStaleAge
742491

Minor

<dev-libs/libsass-3.6.4: multiple vulnerabilities (CVE-2019-18798)

CVE-2019-18798

17322050
759013

Minor

<media-gfx/pngcheck-3.0.2: Multiple vulnerabilities (CVE-2020-27818)

CVE-2020-27818

<media-gfx/pngcheck-3.0.3: global buffer overflow

759013, 866233

17321965
760702

Minor

<dev-python/rsa-4.7: timing attack vulnerability (CVE-2020-25658)

CVE-2020-25658

17321954
760827

Minor

<dev-db/mongodb-{4.0.20,4.2.10}: multiple vulnerabilities (CVE-2019-2392, CVE-2020-{7925,7928})

CVE-2019-2392 CVE-2020-7925 CVE-2020-7928

<dev-db/mongodb-{4.2.15,4.4.4}: DoS via crafted find query (CVE-2021-20326)
<dev-db/mongodb-5.0.30: Improper neutralization of null bytes may lead to buffer over-reads

760827, 798132, 944308

17321953
776772

Minor

<net-irc/ircii-20210314: Multiple vulnerabilities

CVE-2021-29376

17321867
780051

Minor

<www-apache/mod_jk-1.2.46 bypass htaccess by adding ';' at the end of an URL (CVE-2018-11759)

17321848
762460

Minor

<gnome-base/gdm-40.0: authentication bypass (CVE-2020-27837)

CVE-2020-27837

17231944
780858

Minor

<app-arch/file-roller-3.38.1: arbitrary file overwrite via malicious archive

CVE-2020-36314

17231845
755896

Minor

net-proxy/polipo: multiple vulnerabilities (CVE-2020-36420, CVE-2021-38614)

CVE-2020-36420 CVE-2021-38614

17161982
730890

Minor

<mail-mta/sendmail-8.16.1: Reconnections may not use STARTTLS

<mail-mta/sendmail-8.18.1-r1: Possibly inadequate key sizes for RSA

730890, 715470

17022121

glsa (4)


Major: 1 / Normal: 2 / Minor: 1
Average staleness: 24 / Average age: 325

BugSeveritySummaryStatusStaleAge
967325

Major

www-client/firefox: <146.0 & <140.6.0 December 2025 vulnerabilities

35136
906461

Normal

<sys-libs/libcap-2.69: Multiple vulnerabilities

CAP-CR-23-02 CVE-2023-2602 CVE-2023-2603 LCAP-CR-23-01

481077
970886

Normal

<media-libs/freetype-2.14.2: Multiple vulnerabilities

CVE-2026-23865

<media-libs/freetype-2.14.3: Multiple vulnerabilities

853
971490

Minor

<media-libs/freetype-2.14.3: Multiple vulnerabilities

<media-libs/freetype-2.14.2: Multiple vulnerabilities

834